
Sunday, December 6, 2009

Adding Ubuntu to Windows Active Directory


This is a step-by-step guide for joining an Ubuntu-based computer to a Windows Active Directory domain. After a successful join, the computer can be accessed by AD users (as long as they have the required permissions). The operating system used in this example is Ubuntu 9.04, but this guide should work for all Ubuntu/Debian-based systems, even BackTrack 4.

Configure nsswitch.conf
First, configure the nsswitch.conf configuration file by adding/modifying the “hosts” line with the “files” and “dns” parameters. It is recommended that “files” should appear before “dns”.
sudo nano /etc/nsswitch.conf
Install Likewise Open
Likewise Open is a free, open source application that joins Linux, Unix, and Mac machines to Microsoft Active Directory and securely authenticates users with their domain credentials.
URL: http://www.likewise.com/products/likewise_open/index.php
sudo apt-get install likewise-open
Note that the following ports should be open on the firewall:
Port   Protocol   Use
53     UDP/TCP    DNS
88     UDP/TCP    Kerberos
123    UDP        NTP
137    UDP        NetBIOS Name Service
139    TCP        NetBIOS Session (SMB)
389    UDP/TCP    LDAP
445    TCP        SMB over TCP
464    UDP/TCP    Machine password changes
3268   TCP        Global Catalog search
Manually registering the domain DNS server (if it is not automatically assigned by DHCP)
The server could be registered by modifying the /etc/resolv.conf file, although this is NOT recommended since Ubuntu’s Network Manager plugin overwrites that file when you reboot your system. Therefore, we need to edit the /etc/dhcp3/dhclient.conf file instead and add/change the “prepend” line by adding the DNS server IP.
sudo nano /etc/dhcp3/dhclient.conf
Then add your domain DNS servers’ IPs, separated by commas (“,”).



Resetting the network connection
In order for Network Manager to pick up the new settings, we need to reset the network connection. Finally, ping a hostname registered with the domain’s DNS server to make sure that it is working.
sudo ifconfig eth0 down
sudo ifconfig eth0 up
ping powercram.com
Registering with domain
We can now join the domain by running the following command and authenticating as Administrator (as specified below).
sudo domainjoin-cli join powercram.com Administrator
Reboot and Login
Finally, after restarting the system, log in using your Active Directory credentials.
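
The two file edits made in this guide (the “hosts” line in nsswitch.conf and the “prepend” line in dhclient.conf) can be checked with a small read-only script before running the join. This is an added example, not part of the original post; it assumes the standard dhclient.conf statement form “prepend domain-name-servers ...;”, and the sample file contents and 10.0.0.x addresses are constructed.

```bash
# Added example: read-only checks for the two files this guide edits.

# hosts_order_ok FILE: succeed only if the "hosts:" line lists both
# "files" and "dns", with "files" first (the order the guide recommends).
hosts_order_ok() {
    awk '
        $1 == "hosts:" {
            sub(/#.*/, "")                  # ignore a trailing comment
            f = 0; d = 0; seen = 1          # the last hosts: line wins
            for (i = 2; i <= NF; i++) {
                if ($i == "files" && !f) f = i
                if ($i == "dns" && !d) d = i
            }
        }
        END { exit !(seen && f && d && f < d) }
    ' "$1"
}

# prepend_servers FILE: print the addresses on the active (uncommented)
# prepend line, one per line; fail if it is missing or an entry is invalid.
prepend_servers() {
    key='^[[:space:]]*prepend[[:space:]]+domain-name-servers[[:space:]]+'
    line=$(grep -E "$key" "$1" | tail -n 1)
    [ -n "$line" ] || return 1
    printf '%s\n' "$line" | sed -E "s/$key//; s/;.*\$//" |
        tr ',' '\n' | tr -d ' \t' | awk -F. '
            NF != 4 { bad = 1 }             # must be a dotted quad
            { for (i = 1; i <= NF; i++)
                  if ($i !~ /^[0-9]+$/ || $i > 255) bad = 1
              print }
            END { exit (bad ? 1 : 0) }'
}

# Constructed sample files (not copied from a real system).
tmp=$(mktemp -d)
printf 'hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n' > "$tmp/ns.good"
printf 'hosts: dns files\n' > "$tmp/ns.bad"
printf '#prepend domain-name-servers 127.0.0.1;\n' > "$tmp/dh.bad"
printf 'prepend domain-name-servers 10.0.0.10, 10.0.0.11;\n' > "$tmp/dh.good"

for f in "$tmp"/ns.*; do
    if hosts_order_ok "$f"; then echo "${f##*/}: hosts order OK"
    else echo "${f##*/}: list files before dns"; fi
done
for f in "$tmp"/dh.*; do
    if ips=$(prepend_servers "$f"); then echo "${f##*/}:" $ips
    else echo "${f##*/}: prepend line missing or invalid"; fi
done
rm -rf "$tmp"
```

To check a real system, call hosts_order_ok /etc/nsswitch.conf and prepend_servers /etc/dhcp3/dhclient.conf; neither function modifies the files.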
